import win32security, ntsecuritycon, winnt

class Enum:
    def __init__(self, *const_names):
        """Accepts variable number of constant names that can be found in either
            win32security, ntsecuritycon, or winnt."""
        for const_name in const_names:
            try:
                const_val=getattr(win32security,const_name)
            except AttributeError:
                try:
                    const_val=getattr(ntsecuritycon, const_name)
                except AttributeError:
                    try:
                        const_val=getattr(winnt, const_name)
                    except AttributeError:
                        raise AttributeError('Constant "%s" not found in win32security, ntsecuritycon, or winnt.' %const_name)
            setattr(self, const_name, const_val)

    def lookup_name(self, const_val):
        """Looks up the name of a particular value."""
        for k,v in self.__dict__.iteritems():
            if v==const_val:
                return k
        raise AttributeError('Value %s not found in enum' %const_val)

    def lookup_flags(self, flags):
        """Returns the names of all recognized flags in input, and any flags not found in the enum."""
        flag_names=[]
        unknown_flags=flags
        for k,v in self.__dict__.iteritems():
            if flags & v == v:
                flag_names.append(k)
                unknown_flags = unknown_flags & ~v
        return flag_names, unknown_flags

TOKEN_INFORMATION_CLASS = Enum(
    'TokenUser',
    'TokenGroups',
    'TokenPrivileges',
    'TokenOwner',
    'TokenPrimaryGroup',
    'TokenDefaultDacl',
    'TokenSource',
    'TokenType',
    'TokenImpersonationLevel',
    'TokenStatistics',
    'TokenRestrictedSids',
    'TokenSessionId',
    'TokenGroupsAndPrivileges',
    'TokenSessionReference',
    'TokenSandBoxInert',
    'TokenAuditPolicy',
    'TokenOrigin',
    'TokenElevationType',
    'TokenLinkedToken',
    'TokenElevation',
    'TokenHasRestrictions',
    'TokenAccessInformation',
    'TokenVirtualizationAllowed',
    'TokenVirtualizationEnabled',
    'TokenIntegrityLevel',
    'TokenUIAccess',
    'TokenMandatoryPolicy',
    'TokenLogonSid')

TOKEN_TYPE = Enum(
    'TokenPrimary',
    'TokenImpersonation')

TOKEN_ELEVATION_TYPE = Enum(
    'TokenElevationTypeDefault',
    'TokenElevationTypeFull',
    'TokenElevationTypeLimited')

POLICY_AUDIT_EVENT_TYPE = Enum(
    'AuditCategorySystem', 
    'AuditCategoryLogon', 
    'AuditCategoryObjectAccess', 
    'AuditCategoryPrivilegeUse', 
    'AuditCategoryDetailedTracking', 
    'AuditCategoryPolicyChange', 
    'AuditCategoryAccountManagement', 
    'AuditCategoryDirectoryServiceAccess', 
    'AuditCategoryAccountLogon')

POLICY_INFORMATION_CLASS = Enum(
    'PolicyAuditLogInformation', 
    'PolicyAuditEventsInformation', 
    'PolicyPrimaryDomainInformation',
    'PolicyPdAccountInformation', 
    'PolicyAccountDomainInformation', 
    'PolicyLsaServerRoleInformation', 
    'PolicyReplicaSourceInformation', 
    'PolicyDefaultQuotaInformation', 
    'PolicyModificationInformation', 
    'PolicyAuditFullSetInformation', 
    'PolicyAuditFullQueryInformation', 
    'PolicyDnsDomainInformation')

POLICY_LSA_SERVER_ROLE = Enum(
    'PolicyServerRoleBackup', 
    'PolicyServerRolePrimary')

## access modes for opening a policy handle - this is not a real enum
POLICY_ACCESS_MODES = Enum(
    'POLICY_VIEW_LOCAL_INFORMATION',
    'POLICY_VIEW_AUDIT_INFORMATION',
    'POLICY_GET_PRIVATE_INFORMATION',
    'POLICY_TRUST_ADMIN',
    'POLICY_CREATE_ACCOUNT',
    'POLICY_CREATE_SECRET',
    'POLICY_CREATE_PRIVILEGE',
    'POLICY_SET_DEFAULT_QUOTA_LIMITS',
    'POLICY_SET_AUDIT_REQUIREMENTS',
    'POLICY_AUDIT_LOG_ADMIN',
    'POLICY_SERVER_ADMIN',
    'POLICY_LOOKUP_NAMES',
    'POLICY_NOTIFICATION',
    'POLICY_ALL_ACCESS',
    'POLICY_READ',
    'POLICY_WRITE',
    'POLICY_EXECUTE')

## EventAuditingOptions flags - not a real enum
POLICY_AUDIT_EVENT_OPTIONS_FLAGS = Enum(
    'POLICY_AUDIT_EVENT_UNCHANGED',
    'POLICY_AUDIT_EVENT_SUCCESS',
    'POLICY_AUDIT_EVENT_FAILURE',
    'POLICY_AUDIT_EVENT_NONE')

# AceType in ACE_HEADER - not a real enum
ACE_TYPE = Enum(
    'ACCESS_MIN_MS_ACE_TYPE',
    'ACCESS_ALLOWED_ACE_TYPE',
    'ACCESS_DENIED_ACE_TYPE',
    'SYSTEM_AUDIT_ACE_TYPE',
    'SYSTEM_ALARM_ACE_TYPE',
    'ACCESS_MAX_MS_V2_ACE_TYPE',
    'ACCESS_ALLOWED_COMPOUND_ACE_TYPE',
    'ACCESS_MAX_MS_V3_ACE_TYPE',
    'ACCESS_MIN_MS_OBJECT_ACE_TYPE',
    'ACCESS_ALLOWED_OBJECT_ACE_TYPE',
    'ACCESS_DENIED_OBJECT_ACE_TYPE',
    'SYSTEM_AUDIT_OBJECT_ACE_TYPE',
    'SYSTEM_ALARM_OBJECT_ACE_TYPE',
    'ACCESS_MAX_MS_OBJECT_ACE_TYPE',
    'ACCESS_MAX_MS_V4_ACE_TYPE',
    'ACCESS_MAX_MS_ACE_TYPE',
    'ACCESS_ALLOWED_CALLBACK_ACE_TYPE',
    'ACCESS_DENIED_CALLBACK_ACE_TYPE',
    'ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE',
    'ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE',
    'SYSTEM_AUDIT_CALLBACK_ACE_TYPE',
    'SYSTEM_ALARM_CALLBACK_ACE_TYPE',
    'SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE',
    'SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE',
    'SYSTEM_MANDATORY_LABEL_ACE_TYPE',
    'ACCESS_MAX_MS_V5_ACE_TYPE')

#bit flags for AceFlags - not a real enum
ACE_FLAGS = Enum(
    'CONTAINER_INHERIT_ACE',
    'FAILED_ACCESS_ACE_FLAG',
    'INHERIT_ONLY_ACE',
    'INHERITED_ACE',
    'NO_PROPAGATE_INHERIT_ACE',
    'OBJECT_INHERIT_ACE',
    'SUCCESSFUL_ACCESS_ACE_FLAG',
    'NO_INHERITANCE',
    'SUB_CONTAINERS_AND_OBJECTS_INHERIT',
    'SUB_CONTAINERS_ONLY_INHERIT',
    'SUB_OBJECTS_ONLY_INHERIT')

# used in SetEntriesInAcl - very similar to ACE_TYPE
ACCESS_MODE = Enum(
    'NOT_USED_ACCESS', 
    'GRANT_ACCESS', 
    'SET_ACCESS', 
    'DENY_ACCESS', 
    'REVOKE_ACCESS', 
    'SET_AUDIT_SUCCESS', 
    'SET_AUDIT_FAILURE')

# Bit flags in PSECURITY_DESCRIPTOR->Control - not a real enum
SECURITY_DESCRIPTOR_CONTROL_FLAGS = Enum(
    'SE_DACL_AUTO_INHERITED',        ## win2k and up
    'SE_SACL_AUTO_INHERITED',        ## win2k and up
    'SE_DACL_PROTECTED',             ## win2k and up
    'SE_SACL_PROTECTED',             ## win2k and up
    'SE_DACL_DEFAULTED',       
    'SE_DACL_PRESENT',       
    'SE_GROUP_DEFAULTED',       
    'SE_OWNER_DEFAULTED',       
    'SE_SACL_PRESENT',       
    'SE_SELF_RELATIVE',       
    'SE_SACL_DEFAULTED')

# types of SID
SID_NAME_USE = Enum(
    'SidTypeUser',
    'SidTypeGroup', 
    'SidTypeDomain', 
    'SidTypeAlias', 
    'SidTypeWellKnownGroup', 
    'SidTypeDeletedAccount', 
    'SidTypeInvalid', 
    'SidTypeUnknown', 
    'SidTypeComputer',
    'SidTypeLabel')

## bit flags, not a real enum
TOKEN_ACCESS_PRIVILEGES = Enum(
    'TOKEN_ADJUST_DEFAULT',
    'TOKEN_ADJUST_GROUPS',
    'TOKEN_ADJUST_PRIVILEGES',
    'TOKEN_ALL_ACCESS',
    'TOKEN_ASSIGN_PRIMARY',
    'TOKEN_DUPLICATE',
    'TOKEN_EXECUTE',
    'TOKEN_IMPERSONATE',
    'TOKEN_QUERY',
    'TOKEN_QUERY_SOURCE',
    'TOKEN_READ',
    'TOKEN_WRITE')
 
SECURITY_IMPERSONATION_LEVEL = Enum(
    'SecurityAnonymous',
    'SecurityIdentification',
    'SecurityImpersonation',
    'SecurityDelegation')

POLICY_SERVER_ENABLE_STATE = Enum(
    'PolicyServerEnabled',
    'PolicyServerDisabled')

POLICY_NOTIFICATION_INFORMATION_CLASS = Enum(
    'PolicyNotifyAuditEventsInformation',
    'PolicyNotifyAccountDomainInformation',
    'PolicyNotifyServerRoleInformation',
    'PolicyNotifyDnsDomainInformation',
    'PolicyNotifyDomainEfsInformation',
    'PolicyNotifyDomainKerberosTicketInformation',
    'PolicyNotifyMachineAccountPasswordInformation')

TRUSTED_INFORMATION_CLASS = Enum(
    'TrustedDomainNameInformation',
    'TrustedControllersInformation',
    'TrustedPosixOffsetInformation',
    'TrustedPasswordInformation',
    'TrustedDomainInformationBasic',
    'TrustedDomainInformationEx',
    'TrustedDomainAuthInformation',
    'TrustedDomainFullInformation',
    'TrustedDomainAuthInformationInternal',
    'TrustedDomainFullInformationInternal',
    'TrustedDomainInformationEx2Internal',
    'TrustedDomainFullInformation2Internal')

TRUSTEE_FORM = Enum(
    'TRUSTEE_IS_SID', 
    'TRUSTEE_IS_NAME', 
    'TRUSTEE_BAD_FORM', 
    'TRUSTEE_IS_OBJECTS_AND_SID', 
    'TRUSTEE_IS_OBJECTS_AND_NAME')

TRUSTEE_TYPE = Enum(
    'TRUSTEE_IS_UNKNOWN', 
    'TRUSTEE_IS_USER', 
    'TRUSTEE_IS_GROUP', 
    'TRUSTEE_IS_DOMAIN', 
    'TRUSTEE_IS_ALIAS', 
    'TRUSTEE_IS_WELL_KNOWN_GROUP', 
    'TRUSTEE_IS_DELETED', 
    'TRUSTEE_IS_INVALID', 
    'TRUSTEE_IS_COMPUTER')

## SE_OBJECT_TYPE - securable objects
SE_OBJECT_TYPE = Enum(
    'SE_UNKNOWN_OBJECT_TYPE',
    'SE_FILE_OBJECT',
    'SE_SERVICE',
    'SE_PRINTER',
    'SE_REGISTRY_KEY',
    'SE_LMSHARE',
    'SE_KERNEL_OBJECT',
    'SE_WINDOW_OBJECT',
    'SE_DS_OBJECT',
    'SE_DS_OBJECT_ALL',
    'SE_PROVIDER_DEFINED_OBJECT',
    'SE_WMIGUID_OBJECT',
    'SE_REGISTRY_WOW64_32KEY')

PRIVILEGE_FLAGS = Enum(
    'SE_PRIVILEGE_ENABLED_BY_DEFAULT',
    'SE_PRIVILEGE_ENABLED',
    'SE_PRIVILEGE_USED_FOR_ACCESS')

# Group flags used with TokenGroups
TOKEN_GROUP_ATTRIBUTES = Enum(
    'SE_GROUP_MANDATORY',
    'SE_GROUP_ENABLED_BY_DEFAULT',
    'SE_GROUP_ENABLED',
    'SE_GROUP_OWNER',
    'SE_GROUP_USE_FOR_DENY_ONLY',
    'SE_GROUP_INTEGRITY',
    'SE_GROUP_INTEGRITY_ENABLED',
    'SE_GROUP_LOGON_ID',
    'SE_GROUP_RESOURCE')

# Privilege flags returned by TokenPrivileges
TOKEN_PRIVILEGE_ATTRIBUTES = Enum(
    'SE_PRIVILEGE_ENABLED_BY_DEFAULT',
    'SE_PRIVILEGE_ENABLED',
    'SE_PRIVILEGE_REMOVED',
    'SE_PRIVILEGE_USED_FOR_ACCESS')
